IT bloke: Crooks stole my bikes after cycling app blabbed my address An IT manager in Manchester, England, says thieves stole his bikes after a smartphone cycling app pinpointed the location of his garage. Mark Leigh, 54, of Failsworth, said his two bicycles – worth £500 ($750) and £1,000 ($1,500) – were nicked shortly after he made his address and details of his bikes public on the popular …
He and the other victims need to sue Stava for a negligent, default security fail!
GPS cloud tracking apps must have a minimum radius around detected start/end points where tracking data is always hidden from the public to avoid this kind of security fail.
Publishing any movements you make is a security risk anyway and could get you directly hurt or otherwise compromised.
While I appreciate concerns over Strava - as an IT 'professional' didn't he even think of the downsides of detailing his possessions and using an application that identified his start point? The article was a little unclear, and I presume that Strava does not reveal the actuall adress rather than GPS source location, but still.
Another example of security and privacy being last on the list of a number of 'professionals' in the business. Depressing to think how this extends into toehr walks of life (the 'rob my home' warner being an amusing attempt to highlight the problems).
Little sympathy for professional stupidity though. Will his insurance company pay up given he advertised location and details of his valuables?
I don't think enabling a feature like this it will produce a circle centred on the house since people leave their house along one or two routes, unless they live in a featureless desert, rather than travel out in a random direction each time.
The circle needs to be big enough, though, say a few hundred metres, to encompass many houses. It also needs to be big enough so you don't have to give the exact location anyway, since a copy of the database may be sold on when it is eventually stolen.
I do hope that circle is randomly assigned a centre/radius. Of course if the app writers decided that to be smart, they would re-centre every time the location was looked at, or very time a new ride was displayed, some enterprising thief might get the idea that they could collect enough data from a keen rider to better identify the real start location.
Is it really just me?
Why the hell are you sharing rides on your bike with the world in the first place? I mean... why? Isn't that like the old slide-projector enthusiasts who just show you every detail of their trip when you go around their house? Why?
Just... WHY?
(Why?)
"Why the hell are you sharing rides on your bike with the world in the first place?"
We use a similar app and publish our club rides every week so people on the ride can know where they have been and newcomers have an idea of the type of rides we do.
Thankfully if any naughty people try and use it to track the start/finish they will end up at a telephone box in South Croydon. No bikes inside and very rarely a handset. Guess that was all they could find.
It's exactly like that. You get to be part of a 'community' where everyone pretends to be wildly interested in where and how fast everyone else is riding their bike, the payoff being that other people will pretend to be wildly interested in where and how fast you're riding *your* bike. Doesn't that sound fun?
Ok - so where do you conceal by default?
The number of people who drive to the start of a bike ride is quite high, and there is no benefit to "concealing" the start of that ride.
The setup takes you through setting up privacy zones, and you then have to make each ride public.
bit difficult to be the default setting... how on earth can the app possibly know where your home base is, you might have installed it and activated it someplace else from home...
1) I've set up several privacy zones, home, work, and normal destinations for some of my rides.
2) Even having the garage door locked is not enough, you need a decent ground anchor and to lock the bikes through the frame to that ground anchor, then they need to use noisy power tools to cut them loose.
My insurance insists on me having them secured with a ground anchor when at home and not leaving them locked up overnight either.
It should have been the default setting!
Strava doesn't know your address by default. Would it be better for them to gather further data for them to lose. In any case, who is to say where you want or need a privacy zone? I need several that aren't at my house. As has been noted, you do get prompted to set up a zone and you have to enable ride sharing
Make your start point and finish point a mile or so away from home. Use the travelling to the start point as a warm up and travelling home from it as a warm down. Don't record the warm up / warm down.
A few years ago I bought a new bike, it was stolen the same night. Quite a lot of it was happening, people were being followed home from the shop.
Till recently social and disease used to be a very good fit. It looks like they still are.
Social support in an app - no thanks. Share? No thanks either. I grew up in a place where "sharing" was taught in schools as a virtue. If you were more observant to notice what was behind the high fences of the Politburo dachas you were quick to comprehend that sharing is for the plebs. The ones that benefited from it did not share a dime. Or a kopeika to be more exact.
Share my location? Share my data? Sorry, I know what "sharing" proposed within the context of social by a "business" really means - I had 20+ years of childhood training on that. It means you are screwed and some f***head gets to be a billioner.
Nope, you cannot make me into a sharing sort of person for the life of god. Share? Some other time. Pay me, and you may get stuff.
>I grew up in a place where "sharing" was taught in schools as a virtue.
It still is. However, we still have semantic errors which mislead people. I don't "have the internet on my iphone," I do allow random people on the internet to send stuff to a computer I neither really control nor understand but to which I trust an awful lot of personal information. I do not "have" this app, I HAVE installed a random bit of code, from people I don't know, with whom I have no discernible relationship, on a computer with lots of personal data on it.
Its good that people share these stories. The more publicity this sort of thing gets, the more people understand that the more (even transient) information (such as whereabouts) is stored and shared with code of unknown origin, strangers, government, corporations, cloud storage organisations, the more dangerous it is to you personally. Stop contributing to these infrastructures.
My take on the matter is simply don't do it. Don't bother trying to secure a zillion and one apps, just stop sharing where you run, cycle, walk, what you had for lunch and where it was. No-one needs to know that. My weather app doesn't need my location. I can use privacy mode in the browser and give it a postcode of a major town nearby - it doesn't need to know I'm down at the bottom of my garden. That URL gets stored in the local history, not synced up to some cloud, not even for Firefox.
Give me rsync over ssh over a vpn to my machine at home for "cloud," and I'll be happy. OneDrive I do not want even if it did have unlimited free storage. Application-level clouds are even worse. Per-application storage protocols? No thanks.
If I want to socialise and share with friends, I'll schedule some time to be with them. "You're my friend, but I'm only going to broadcast my information to you, not spend time listening to you" doesn't cut it, not even if the broadcast is two-way. Why have have something as inhuman as a computer mediate social activity? Go back to the clubhouse or pub or invite people home and regale them of stories of the close calls you had with a bus on your bike ride. That is how you build friendships - not by clicking "like" or sending them GPS coordinates of where you ride or where you had lunch.
Stop sharing with corporates, software and devices and start sharing directly with people you know. That is how you develop appropriate trust boundaries.
@p.lee
You'll not want or like IPv6 then without nat, which encourages anything to connect to anything everywhere and discourages hiding your multiple devices behind an obfuscation device like nat!
Privacy is constantly being eroded on the net, opportunities to enhance privacy are often deliberately engineered out, I.e tracking cookies.
I'm already on IPv6 and I've natted off all the devices on my home network. Does not matter if the support IPv6 already, they are natted off the Internet.
My Internet Point of presence was in London E17 but something seems to have (and despite all my best efforts) found my home location. I'm going to move ISP's in January and hope that I can keep my real location obscured from the unwashed masses who would steal it in a flash.
Yes I know that keeping your real ID off the interwebs is getting harder and harder but at least I'm trying unlike a good many of the population who seem to be Social Media Addicts and get their kicks from telling the world what they had for brekkie, how the got to work, where they work etc etc etc
More over, if your broadcasting this information your also telling people where your house is and what your schedule is, so a thief can identify when your not in your house and when a convenient time to rob your house is.
Call me old fashioned, but if somebody was checking my house out every day when I went to work who didn't live in the area then i'd be getting alarmed by it. Simply posting all of this information online alarms me to a similar extent.
Maybe i'm just paranoid (or an introvert...)
but something seems to have (and despite all my best efforts) found my home location
Most likely Android - Google correlates between your WiFi SSID, your visible IP address and various other (a)GPS data. The WiFi vs location is well known and publicized, the IP to other data not so much. It is there and it is being done even if you did not provide them with exact address by associating a payment method to your google play account. It also works if the payment method is registered to a different address. Long live conditional probability and statistics.
Granted, so far there has been only a couple of cases where a person in the google staff has abused their position to access data inappropriately. As it grows the probability for this increases. It is further increased by adding M2M, IoT, etc. It is only a matter of time until it is compromised for use in burglaries. It is not a question of if, it is a question of when and how many.
I'm so old, I remember when cars came without safety belts. But hey, you could add them yourself.
Kids pyjamas would be so inflammable, they would turn your offspring in a burned crisp in seconds. But hey, a parent should keep them away from open fires right?
It is bad design. And the only way it will be corrected is to enforce it by making them pay for the damages caused by their stupidity.
>He's an IT Manager
So what do you all think an IT Manager is?
Personally I'm rather tired of the overuse of the IT tag for anything from retail store PC sales droids, call centre first line support, virtually anything under the sun that involves using Windows to real professionals.
For anyone to descibre themselves as an IT manager means they are not an expert in anything IT otherwise they would be more specific.
"Get a couple of layers of security, spend some money on Sold Secure Gold rated kit"
No, you would be better off growing a brain and NOT publically sharing your name, address, portable goods, and the fucking convenience of a GPS track leading to your front door.
CCTV was never designed to cover morons.
Back when I used to ride, I was the tight-arse of the group, my bike barely made the AU$4K mark. There were others in the group who topped AU$12K. And we had multiple bikes to boot, and we would never share last names with unknowns, and certainly never addresses.
Obvously $1500 shows a different class of customer. Share everything, complain later. He isn't going to get any sympathy from me.
And no, if you're thinking of going shopping, I sold the bikes years ago since my hips completely wore out. The best I can offer now is a limp.
"Sharing". The lie that keeps on giving.
The people who use these apps aren't "sharing"; "sharing" is the neu-tek term for "narcissism". I'm not seeking attention nor am I seeking affirmation, I'm really just "sharing"!
There is no reason for these "sharing" apps to share details like precise speed, personal diet, maintain a leaderboard (Strava), power, cadence, personal activity logs and even heart rate...except for the goal that, in "sharing" these personal tidbits, you'll get attention for something you've done. If these apps were about sharing a road map for others to enjoy, then your personal, intimate details wouldn't matter.
Did you "share" your precise minute-by-minute GPS road track data with your co-workers from your last weekend out on a drive, plus include your last health exam data as well? No, you didn't. We, don't. But you just HAVE to post all your sordid details about your little runs and bike rides, and everything about yourself as you did them, in the hopes that your friends, using the same apps, will give you all the lovely attentions that you've always asked for. They'll call you out for just how good a job you did. Give you a cheer because you are just so special. These apps are the Twitter / Facebook for the self-assigned "athletes", the people who make sure that everything they do is realized as...something important.
So you posted stupid personal details about your stupid, inconsequential personal activity...and you got nipped for it. Good for you.
Idiot.
The funniest thing is that these 'friends' will be too busy 'sharing' their own 'achievements' to be really interested in yours. The big test is to look at how much you care about what others do (not in comparison to yourself, however). There is a good chance those others care just as much about you (not in relation to themselves).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
